183 matches found
HPE Asset Manager Arbitrary Code Execution Vulnerability
HP AssetManager is a solution for managing the lifecycle of IT assets. A security vulnerability exists in HPE Asset Manager 9.40, 9.41, 9.50, and Asset Manager CloudSystem Chargeback 9.40, which can be exploited by remote attackers to execute arbitrary commands via constructed serialized Java...
Unspecified Vulnerability in Adobe Experience Manager
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. An unspecified vulnerability exists in AEM, which can be exploited by remote attackers with the help of specially crafte...
HP Continuous Delivery Automation Arbitrary Command Execution Vulnerability
HP Continuous Delivery Automation is a suite of solutions for automating the deployment of multi-tier applications. A security vulnerability in HP Continuous Delivery Automation allows remote attackers to execute arbitrary commands using specially crafted serialized Java objects...
McAfee ePolicy Orchestrator Java Object Deserialization RCE
The McAfee ePolicy Orchestrator ePO installed on the remote Windows host is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections ACC library. An unauthenticated, remote attacker can exploit this to...
HPE Operations Manager Arbitrary Command Execution Vulnerability
HPE Operations Manager OM is a set of business-oriented, enterprise-class systems management software from Hewlett Packard Enterprise HPE. The software provides system management, application management, event processing, business presentation and other functions. A security vulnerability exists ...
Intel McAfee ePolicy Orchestrator Arbitrary Code Execution Vulnerability
Intel McAfee ePolicy Orchestrator ePO is a suite of scalable security management software from Intel Corporation formerly McAfee, Inc.. The software enables centralized, streamlined management of endpoint, network, content security and compliance solutions. A security vulnerability exists in Inte...
VMware vRealize Orchestrator Arbitrary Command Execution Vulnerability
VMware vRealize Orchestrator is a suite of IT process automation engines for integrating with VMware vCloud Suite components to align and extend service delivery and operations management. VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations...
Symantec Endpoint Protection Manager Java Object Deserialization RCE (SYM15-011)
The remote Symantec Endpoint Protection Manager server is affected by a remote command execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections ACC library. An unauthenticated, remote attacker can exploit this, by sending a crafted...
JBoss Java Object Deserialization RCE
The remote JBoss server is affected by multiple remote code execution vulnerabilities : - A flaw exists due to the JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets not properly restricting access to profiles. A remote attacker can exploit this issue to bypass authentication and invoke...
Immunity Canvas: JENKINS_CLI_DESERIALIZATION
Name| jenkinsclideserialization ---|--- CVE| CVE-2015-8103 Exploit Pack| CANVAS Description| jenkinsclideserialization Notes| CVE Name: CVE-2015-8103 VENDOR: Jenkins NOTES: IMPORTANT NOTE: Any instance of this application running Apache Commons Collections version prior to 3.0 WILL NOT WORK...
Oracle WebLogic Server Remote Code Execution Vulnerability
Oracle WebLogic Server is an Oracle application server for cloud and legacy environments that provides a modern lightweight development platform that supports the entire lifecycle management of applications from development to production and simplifies application deployment and management.WLS...
CVE-2015-2828
CA Spectrum 9.2.x and 9.3.x before 9.3 H02 does not properly validate serialized Java objects, which allows remote authenticated users to obtain administrative privileges via crafted object data...
Code injection
CA Spectrum 9.2.x and 9.3.x before 9.3 H02 does not properly validate serialized Java objects, which allows remote authenticated users to obtain administrative privileges via crafted object data...
CVE-2015-2828
CA Spectrum 9.2.x and 9.3.x before 9.3 H02 does not properly validate serialized Java objects, which allows remote authenticated users to obtain administrative privileges via crafted object data...
CVE-2012-6636
The Android API before 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote attackers to execute arbitrary methods of Java objects by using the Java Reflection API within crafted JavaScript code that is loaded into the WebView component in an application...
CVE-2013-4710
CVE-2013-4710 affects Android WebView implementations (Android 3.0–4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank and other devices). The issue arises from improper WebView handling of addJavascriptInterface, enabling remote attackers to call arbitrary Java object methods or cause a ...
CVE-2012-6636
The Android API before 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote attackers to execute arbitrary methods of Java objects by using the Java Reflection API within crafted JavaScript code that is loaded into the WebView component in an application...
CVE-2012-6636
CVE-2012-6636 corresponds to an Android WebView issue where WebView.addJavascriptInterface is not properly restricted, allowing crafted JavaScript to invoke Java object methods via Reflection and potentially achieve remote code execution on apps targeting API level 16 or earlier. Connected docs s...
Chrome For Android API Exposure
CVE Number: CVE-2012-4907 Title: Chrome for Android - Android APIs exposed to JavaScript Affected Software: Confirmed on Chrome for Android v18.0.1025123 Credit: Takeshi Terada Issue Status: v18.0.1025308 was released which fixes this vulnerability Overview: By abusing Java objects exposed to...
JavaScript to Java
The Android API before 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote attackers to execute arbitrary methods of Java objects by using the Java Reflection API within crafted JavaScript code that is loaded into the WebView component in an application...